But, please, stay with me. (Besides, I know that you most likely see fraud prevention as important, if not very or extremely important[iv], so I’ll make it worth the extra few minutes of your time.)

The first thing that you need to know is that the fraud that concerns you as a leader may well be outside the definition of fraud for the auditor. Your auditor is only interested in the financial report, so only in fraudulent actions that result in misstatements in the financial report. You, however, are interested in the health of the organisation, so fraud for you is defined something like this:

The use of one’s occupation for personal enrichment through the deliberate misuse or misapplication of the employing organization’s resources or assets[v].

This results in a classification of fraud that is wider than theirs: to their fraudulent financial reporting and misappropriation of assets you add corruption (conflicts of interest, bribery, illegal gratuities, and economic extortion).

Plus they have a higher threshold for mistakes than you. In fact, because of the inherent limitations of an audit, there is a chance that there are not only immaterial misstatements in the financial report, but also material misstatements. (But this risk is low enough to allow them to issue a clean opinion.)

Then there’s their evidence for the assurance that they are able to express in their report.

Evidence of no fraud

Yes, your audit report says, under the heading Auditor’s Responsibility, that they ‘plan and perform the audit to obtain reasonable assurance about whether the financial report is free from material misstatement.’ And that these misstatements may be due to fraud.

However, you know that letter you sign for the auditor, the one he calls a ‘representation letter’? In there you say that you have told them (a) the results of your own ‘assessment of the risk that the financial report may be materially misstated as a result of fraud’, and (b) what you know about actual, suspected or alleged fraud affecting the entity. Well, because of “the nature of fraud and the difficulties encountered by auditors in detecting material misstatements in the financial report”, these statements will form a significant part of the evidence they collect to support their opinion[vi].

This is consistent with what the auditor says in the report under Management’s Responsibility for the Financial Report: that it is you who are responsible for the “internal control necessary to enable the preparation and fair presentation of the financial report that is free from material misstatement, whether due to fraud or error[vii].”

So it’s mostly down to you, not them. That’s why you have more chance of discovering fraud by accident than through external audit[viii].

Now do you believe me that you need much more than an external audit? If so, talk to a professional accountant (but not your auditor!).

[i] 43% of the 291 respondents in KPMG’s latest Fraud Survey experienced fraud (and 30% of them detected less than 40% of their frauds in their organisation) [A survey of fraud, bribery and corruption in Australia and New Zealand 2012, kpmg.com.au, 4].

[iii] In BDO’s Not-for-profit Fraud Survey 2014, only 28% of their 436 respondents saw fraud as a problem for their organisation (although 90% saw it as a problem for the sector). And external audits were the No. 1 ‘primary factor’ for the respondents in reducing the risk of fraud. [bdo.com.au, 6,7].

[iv] 83% of all respondents see fraud prevention as important, very important or extremely important [bdo.com.au, 7].